package com.probiz.estoresf.customer.web.action;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringUtils;
import org.springframework.web.servlet.ModelAndView;

import com.probiz.estore.common.helper.ConfigUtil;
import com.probiz.estore.common.model.customer.PasswordModel;
import com.probiz.estore.common.model.customer.ValidationSession;
import com.probiz.estore.core.controller.BaseController;
import com.probiz.estore.core.util.StringUtil;
import com.probiz.estore.customer.service.CustomerManager;
import com.probiz.estore.customer.service.ValidationSessionManager;
import com.probiz.estore.webapp.util.RequestUtil;
public class PasswordResetFrontFormController extends BaseController {

    private ValidationSessionManager validationSessionManager=null;
    
    private CustomerManager  customerManager;
       
    public void setValidationSessionManager(
            ValidationSessionManager validationSessionManager) {
        this.validationSessionManager = validationSessionManager;
    }
    
    public void setCustomerManager(CustomerManager customerManager) {
		this.customerManager = customerManager;
	}
    
    public ModelAndView onSubmit(HttpServletRequest request,
            HttpServletResponse response)
            throws Exception {
        PasswordModel passwordModel=formBackingObject(request);
        
        logger.debug("enter PasswordResetFrontFormController onSubmit...");
        String msg="";
        
        
        if(validationSessionManager.isUrlValid(passwordModel.getEmail(),passwordModel.getUrl(),ValidationSession.TYPE_PASSWORD_RECOVER)){
           
            String newPassword="";
            //get the proper password (may be encrypted) 
            newPassword=StringUtil.encodePassword(passwordModel.getPassword(), ConfigUtil.getInstance().getPasswordEncryptionAlgorithm());
            //the reset password by email
            customerManager.saveModifyPassword(passwordModel.getEmail(),newPassword);
    		
            String loginUrl=request.getContextPath() + "/login.html" ;
            
            msg=getMessage("passwordRecover.success.finish",new Object[]{loginUrl});
            
            saveMessage(request,msg);
            
        }else{
            String errorMessage = getMessage("passwordRecover.error.emailWrong",new Object[]{passwordModel.getEmail()});
            saveErrorMessage(request, errorMessage);
            return new ModelAndView("customer/resetPassword");
        }
        
        return new ModelAndView("customer/resetPassword");
    }
    
    protected PasswordModel formBackingObject(HttpServletRequest request)
            throws Exception {
        PasswordModel pm=new PasswordModel();
        String uid=request.getParameter("uid");
        if(uid!=null)pm.setUrl(uid);
        String password = RequestUtil.getParameterNullSafe(request, "password");
        String url = RequestUtil.getParameterNullSafe(request, "url");
        String repassword = RequestUtil.getParameterNullSafe(request, "repassword");
        String email = RequestUtil.getParameterNullSafe(request, "email");
        if(StringUtils.isNotEmpty(password)){
        	pm.setPassword(password);
        }
        if(StringUtils.isNotEmpty(repassword)){
        	pm.setRepassword(repassword);
        }
        if(StringUtils.isNotEmpty(email)){
        	pm.setEmail(email);
        }
        if(StringUtils.isNotEmpty(url)){
        	pm.setUrl(url);
        }
        
        request.setAttribute("passwordModel",pm);
        return pm;
    }
   
    public ModelAndView defaultAction(HttpServletRequest request,
            HttpServletResponse response) throws Exception {
        String uid=request.getParameter("uid");
        logger.debug("enter PasswordResetFrontFormController showForm.....");
        formBackingObject(request);
        if(uid!=null){
           if(validationSessionManager.isUrlValid(uid,ValidationSession.TYPE_PASSWORD_RECOVER)==false){
               return new ModelAndView("customer/resetPasswordError");
           }
        }
        return new ModelAndView("customer/resetPassword");
    }
    
}
